Online identity theft has become a serious problem for the Internet services. Online identity theft causes not only monetary losses to users but also harmful consequences to users (e.g., illegal conduct by a third party). Accordingly, service providers desire to find an efficient way to identify a user account at risk (i.e., suspicious user accounts) but also to allow legitimate user activities.
In general, it's difficult for service providers to confirm the credibility of users who currently log in. To accurately identify whether a user account is suspicious, the service providers may determine whether the user account is logged in non-locally. Under traditional technologies, a service provider determines whether a login is a non-local login by selecting a geographic position corresponding to an IP address used when the user logs in.
This techniques, however, has various defects. First, a network operator may change its own IP address pool. For example, IP address allocation among cities may lead to identify a legitimate user as an illegal user. Thus, the identification error rate is relatively high. Second, a geographic position identified by the method of the technique is relatively rough and generally only may be accurate when logins are conducted in different cities. For example, if a third party steals an identity of a user, and logs in in the same city that the user used to log in (e.g., using a proxy server), the risk may not be identified.
Accordingly, an urgent problem needing resolution involves identifying user risk and reducing the influence of an IP address change associated with identification of the user risk. There is also a need to reduce error rates associated with the risk user identification, and identify geographic positions more accurately.